diff options
author | Jakub Jelen <jjelen@redhat.com> | 2022-10-04 12:44:54 +0200 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-10-06 14:10:14 +0900 |
commit | e235f38f9b9fc3cd4464bbf9081da765d46ce87d (patch) | |
tree | c5d3d29c8ee053803d0d8ef7dcdd48c0bc80a2ce | |
parent | 96615490c7b1d5f77de7f7f2b77e775540f7f6bf (diff) | |
download | libgcrypt-e235f38f9b9fc3cd4464bbf9081da765d46ce87d.tar.gz |
tests: Reproducer for short dklen in FIPS mode
* tests/t-kdf.c (check_pbkdf2): Add test vector with short dklen and
verify it fails in FIPS mode
--
Cherry-picked master commit of:
efdc87b305ff326f37acd3a9c2606de24a706cce
GnuPG-bug-id: 6219
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r-- | tests/t-kdf.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/tests/t-kdf.c b/tests/t-kdf.c index 15e77c82..19c96451 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -911,6 +911,14 @@ check_pbkdf2 (void) "password", 8, "salt", 4, GCRY_MD_SHA1, + 1, + 10, /* too short dklen for FIPS */ + "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9" + }, + { + "password", 8, + "salt", 4, + GCRY_MD_SHA1, 2, 20, "\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e" @@ -1105,7 +1113,7 @@ check_pbkdf2 (void) GCRY_KDF_PBKDF2, tv[tvidx].hashalgo, tv[tvidx].salt, tv[tvidx].saltlen, tv[tvidx].c, tv[tvidx].dklen, outbuf); - if (in_fips_mode && tvidx > 6) + if (in_fips_mode && tvidx > 7) { if (!err) fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n", @@ -1114,7 +1122,7 @@ check_pbkdf2 (void) } if (err) { - if (in_fips_mode && tv[tvidx].plen < 14) + if (in_fips_mode && (tv[tvidx].plen < 14 || tv[tvidx].dklen < 14)) { if (verbose) fprintf (stderr, |